Re: [openssl-users] Checking if an EVP_PKEY* contains a private key
On Mon, 21 Dec 2015 21:29:03 -0800 Stephen Kouwrote: > OpenSSL has the higher-level EVP_PKEY_* functions which work > abstracts the public key cryptography algorithms. However, sometimes > a EVP_PKEY* only has a public key. How could I check if a given > EVP_PKEY* contains a private key? I could use EVP_PKEY_decrypt_init > and see if it returns an error, but that seems to be quite > heavy-handed for what seems to be a simple check. The other option > is to go through the EVP_PKEY_get0_* functions and investigate the > underlying mechanism directly (e.g. EVP_PKEY_get0_RSA and checking > the RSA*'s private exponent is NULL), but that is also clumsy as I'll > have to write code for every possible algorithm. You cannot use EVP_PKEY_decrypt_init if you want code, which works for for every possible algorithm, because every possible public key algorithm doesn't required to support encrypt/decrypt operation. For instance, DSA supports only sign/verify, DH - derive, EC_KEY - both of them, but not encrypt/decrypt. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Converting Bin format to X509 format
On Wed, 22 Jul 2015 09:17:43 + (UTC) Anirudh Raghunath anirudhraghun...@rocketmail.com wrote: Hello, I have used rsault -sign option to sign a text file which gives me a binary file. I would like to convert this to X509 so that I can use it in a ssl handshake. I understand the command: openssl x509 -inform format -in certfile -out cert.pem is used. I want to know what the parameters would be for a binary input file. Thanks in advance. Unfortunately signed text file and certificate are quite different things. Of course, certificate is signed electronic document. But it is document of special binary format, which contains public key and information about owner of corresponding private key. And typically, it is not signed by you, it is signed by Certificate Authority (known to server). When you use certificate (and corresponding private key) during SSL handshake, it means than server sends you something, you sign this something using your private key and send signature to server along with certificate. Server verifies signature under data, which it remembers it have been sent to you, using public key contained in the certificate, and says Ok, this guy really owns private key corresponding to public key in this certificate. It also verifies signature under certificate using known beforehand and trusted CA certificates, to make sure that public key stored in the certificate really belongs to person mentioned in the certificate subject field. So, if you sign some text file using your certificate, this signature cannot be used in the SSL handshake any way. Because you've signed some text file, not a challenge send by server during SSL handshake. This signature proves that you, owner of private key, have had access to this text file (provided your private key is not compromised), but there is no way to use this signature to prove that your are one, who established connection with server. To prove so, you have to sign something send to your from server, not some data, known beforehand. Really, option -sign of this utility may produce some signed document format such as PKCS#7 or CMS, which contains signer's certificate. For same purpose which I've described above. If someone wants to verify if you've signed this file, one should have your certificate, with public key and your name in it. Simplest way to ensure this is to attach certificate to the signed message. Then recipient of message can validate certificate, extracted from message with known and trusted CA and then use it to verify signature under message. If you want use such a curved way to extract certificate from card, it is possbile, provided that your rsautl produces standard signed message format, i.e PKCS#7 may be openssl pkcs7 -inform der -in signedfile.bin -print_certs would do the trick and write certificate of one who signed the file into filename.pem But this is not called convert signed file to X509 format, it is called extract X509 certificate from signed file. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Getting certificates from smartcards
On Tue, 21 Jul 2015 13:58:21 + (UTC) Anirudh Raghunath anirudhraghun...@rocketmail.com wrote: Ah okay, that clears up quite a lot of doubts. But the certificate I want to load is a self signed certificate which has a private key attached to it. I used the XCA application to export the certificate-private key pair as a p12 file to the smart card. What should I do to get the certificate in this case? Thanks. It doesn't matter how you've installed certificate into smart card. Once it, and its corresponding private key is installed on the card, you can access them separately, using PKCS#11 API (and command-line pkcs11-tool utility). So, you can extract just certificate from certificate-private key pair and put it into the file (but typically you cannot extract private key. You can only use PKCS11 API or OpenSSL ENGINE API on top of it to perform cryptographic operations with this private key. This is what smartcards are for). If you have opensc pkcs11 engine, you also should have pkcs11-tool from opensc project. Use pkcs11-tool --module your pkcs11 module --list-objects to find out which certificate-private key pairs are available on your card (you probably already know ID of your key pair, because you've used ENGINE_load_private_key, and it requires key id as argument). Then use pkcs11-tool --module your pkcs11 module --write-object id --type cert --output-file filename.der to extract certificate from card. You can then convert it to pem format using openssl x509 -in filename.der -inform DER -out filename.pem or can just use function SSL_CTX_use_certificate_file passing SSL_FILETYPE_ASN1 as its argument. Personally I consider it ugly that one need to extract certificate from token before it can be used in openssl-based applications for any purpose except SSL-client authentication. Function int ENGINE_load_certificate(ENGINE *e, const char *key id, UI_METHOD *ui_method, void *callback_data) is clearly missing from API. Existence of such function would allow to use smartcards and other hardware tokens to be used 1. In the server applications 2. In the non-SSL (i.e. CMS signing) applications 3. For secondary protocols like OCSP or timestamping authority. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Getting certificates from smartcards
On Tue, 21 Jul 2015 06:58:24 + (UTC) Anirudh Raghunath anirudhraghun...@rocketmail.com wrote: Hello, I would like to utilize the ENGINE_load_ssl_client_cert() function to load a certificate from my smart card. I have successfully loaded the engine and have also tried to play around with the ENGINE_load_private_key() function. It worked successfully and I was able to get the private key in an EVP_PKEY object. But I also want the certificate associated with it. I looked at the code of ENGINE_load_ssl_client_cert() but cannot understand the parameters passed to it. Can someone please guide me on how to use it and perhaps give a working example of the call to that function with the parameters clearly mentioned and explained? Thanks in advance. As far as I can understand, this function is designed to be called from the client certificate callback, set with function SSL_CTX_set_client_cert_cb. This callback gets pointer to SSL structure (which should be passed to ENGINE_load_ssl_client_cert) and can use SSL_get_client_CA_list to obtain list of CAs, which server would trust. (SSL protocol allows to send this list to client). So, you would pass to the ENGINE_load_ssl_client_certs 1. reference to engine to use 2. pointer to SSL object of your client connection (don't know why it might be needed), 3. list of CA distinguished names (ca_dn) which server would trust. You can obtain it from the SSL structure passed to your callback and possibly filter something out of it. 4. Three pointers to variables where result should be placed - one for certificate, other for private key and third for the stack of intermediate CA certificates 5. UI method and its callback data (which you should be already familiar with, because you have successfully managed to use ENGINE_load_private_key). Engine ought to find certificate-private key pair, where certificate is issued by one of the CA in the list you pass (or at least chain of trust from it to one of these CAs can be build) Then engine asks user for PIN-code of private key and returns all the objects - certificate, private key and chain of trust from this certificate to one of CAs you've passed to it. Probably, there can be situation where more than one certificate in the hardware token matches given criteria (issued by one of given CA). In this case engine should use ui_method to ask user which one of them he wants to use. Unfortunately, I do not know any engine which does all the things above. I've looked into source of OpenSC pkcs11 engine version 0.1.8 and found out that it doesn't support this function. So I have to copy certificate out of token into file using pkcs11-tool and use ENGINE_load_private_key to load key from token. . ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Loading pkcs11 engine opensc without using command line
On Fri, 17 Jul 2015 00:10:27 + Dr. Stephen Henson st...@openssl.org wrote: On Thu, Jul 16, 2015, Anirudh Raghunath wrote: Hello, I want to write a program in which I can load a certificate from a smartcard instead of having it in a file on the client machine. In You may be able to make use of the automatic dynamic engine loading mechanism to simplify things. You can pass the ENGINE DSO path as the ENGINE name or to the function ENGINE_by_id() and it should load it. I suggest you try it with the command line utility first. Does openssl trunk already have API to load certificate from the engine? Last time I've looked for this API I've only found int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); which seems to be a bit too specific (where would I get an SSL pointer if I want to use this certificate in the mail client to sign a CMS message?) and is not supported by opensc PKCS11 engine. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj
On Tue, 14 Jul 2015 20:35:31 +0200 Jakob Bohm jb-open...@wisemo.com wrote: Does ASN1_TIME_set_string() support dates outside the time_t range of the local libc? Why do yo need time dates outside of 64-bit integer range? Sun would explode into red giant sooner than that amount of time passes. This is important when creating root certs with expiry dates after 2038 (specifically, any time = epoch+2**31). I don't think that it is a good idea to issue certificates with expire dates after 2038 now. Notice - several years ago MD5 collision was discovered, and certificates signed with md5WithRsaEncryption was phased out. Now browser manufacturers planning to phase out sha1 certificates, even though there is no published collision generation for sha1, people are thinking it is possible enough to avoid using this hashing algorithms. There are interesting mathematic results concerning big number factorization, and experiments with quantum computing, so it seems that soon we'll have to abandon RSA at all and use only EC algorithms. So I don't think that one should issue certificates valid for more than 10 years, if he hopes to have even marginal security. It is also important when creating self-signed Android apk signing certificates (which /must/ be valid for at least 30 years). Does android really have 32-bit time_t? And is it really signed? I've thought that all modern systems have already switched to 64-bit time_t or at least iterpret time_t as unsigned, which give time up to 2106. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj
On Mon, 13 Jul 2015 12:25:40 +0530 Nayna Jain naynj...@in.ibm.com wrote: Hi all, I am programmatically generating the self signed certificate and need to specify the Not Before and Not After date, Wanted to understand what all formats are acceptable by this API ? X509_set_notAfter and X509_set_notBefore API expect ASN1_TIME structure. You can use ASN1_TIME_set function to fill this structure. It expects integer time_t value. X509_cmp_time also expects integer time_t value. So integer number of seconds since the beginning of the epoch (1.1.1970 GMT) is everything you need. There is also ASN1_TINE_set_string function, which does deal with some datetime format, but I suggest never use it. Use C runtime library function strptime, which allows to specify format explicitely or mktime to prepare time_t value from the user input. And use OpenSSL ASN1_TIME_print function to convert ASN1_TIME to human-readble form. Also, similarly while using API , what exactly is the time format expected by X509_cmp_time(X509_get_notAfter(iv_pX509), ...); Thanks Regards, Nayna Jain ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users